• Resolved pcvcadmin

    (@pcvcadmin)


    Hello Tobias,

    I just want to report some unexpected behavior. This example is taken from the Tablepress FAQ and is used to illustrate the issue. The following CSS will cause an “Internal Server Error” once Save Changes is clicked when entering Custom CSS in the Plugin Options page.

    .tablepress thead th,
    .tablepress tfoot th {
    	background-color: #ff0000;
    }

    If the CSS is changed to:

    .tablepress tfoot th {
    	background-color: #ff0000;
    }
    
    .tablepress thead th {
    	background-color: #ff0000;
    }
    

    It is correctly saved and no longer causes the error. I have tried this both on my WordPress installation and on a vanilla WordPress installation with no plugins except Tablepress.
    Dreamhost is my hosting service. I believe the first CSS used to work at one point. I’ve only run into this recently as I tried to change the CSS for testing purposes.

  • Plugin Author Tobias Bäthge

    (@tobiasbg)

    Hi,

    thanks for your post, and sorry for the trouble.

    That’s strange. It would be great to find out more about this error. For that, please set the WP_DEBUG constant to true in your site’s “wp-config.php” file, see https://ww.wp.xz.cn/support/article/debugging-in-wordpress/#wp_debug , or maybe check the server’s error log file (if you don’t have access to that yourself, your web host company’s support team should have access), and then try again, please.

    Thanks!
    Tobias

    Thread Starter pcvcadmin

    (@pcvcadmin)

    Thanks Tobias, although resolution on this is not critical for me, I’m happy to help debug as much as I can.

    I have turned on PHP logging and WP_DEBUG. The only messages in the WordPress log are messages about deprecated PHP calls and do not seem to have anything to do with Tablepress. Unfortunately I can’t find any PHP error log generated as a result of the error. I am contacting support on this.

    I have done a couple of changes to see if it would affect the problem. I have increased the php max_execution_time = 500 and max_input_time = 0 and also tried PHP 8.0 and 8.2. The error still occurs.

    Thread Starter pcvcadmin

    (@pcvcadmin)

    So I got access to the error log. Here are the tail entries.

    [Tue Feb 28 14:29:52.864399 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54841] [client 72.140.29.6] ModSecurity: Warning. Pattern match "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+(?:\\\\/|\\\\w)[^\\\\s]*(?:\\\\s+http\\\\/\\\\d|[\\\\r\\\\n])" at ARGS:options[custom_css]. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "53"] [id "921110"] [msg "HTTP Request Smuggling Attack"] [data "Matched Data: head th,\\x0d found within ARGS:options[custom_css]: .tablepress thead th,\\x0d\\x0a.tablepress tfoot th {\\x0d\\x0a\\x09background-color: #ff0000;\\x0d\\x0a}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/33"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6AYEN9834hG8B754itQAAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options
    [Tue Feb 28 14:29:52.875071 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54841] [client 72.140.29.6] ModSecurity: Warning. Pattern match "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+(?:\\\\/|\\\\w)[^\\\\s]*(?:\\\\s+http\\\\/\\\\d|[\\\\r\\\\n])" at REQUEST_BODY. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "53"] [id "921110"] [msg "HTTP Request Smuggling Attack"] [data "Matched Data: head th,\\x0d found within REQUEST_BODY: closedpostboxesnonce=5ce4d1eeb6&meta-box-order-nonce=4ddad14f16&_wpnonce=931def2a8d&_wp_http_referer=/wp-admin/admin.php?page=tablepress_options&action=tablepress_options&options[use_custom_css]=true&options[custom_css]=.tablepress thead th,\\x0d\\x0a.tablepress tfoot th {\\x0d\\x0a\\x09background-color: #ff0000;\\x0d\\x0a}&options[admin_menu_parent_page]=middle"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/33"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6AYEN9834hG8B754itQAAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options
    [Tue Feb 28 14:29:52.895065 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54841] [client 72.140.29.6] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6AYEN9834hG8B754itQAAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options
    [Tue Feb 28 14:30:07.337055 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54846] [client 72.140.29.6] ModSecurity: Warning. Pattern match "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+(?:\\\\/|\\\\w)[^\\\\s]*(?:\\\\s+http\\\\/\\\\d|[\\\\r\\\\n])" at ARGS:options[custom_css]. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "53"] [id "921110"] [msg "HTTP Request Smuggling Attack"] [data "Matched Data: head th,\\x0d found within ARGS:options[custom_css]: .tablepress thead th,\\x0d\\x0a.tablepress tfoot th {\\x0d\\x0a\\x09background-color: #ff0000;\\x0d\\x0a}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/33"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6Ab0N9834hG8B754itQwAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options
    [Tue Feb 28 14:30:07.337342 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54846] [client 72.140.29.6] ModSecurity: Warning. Pattern match "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+(?:\\\\/|\\\\w)[^\\\\s]*(?:\\\\s+http\\\\/\\\\d|[\\\\r\\\\n])" at REQUEST_BODY. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "53"] [id "921110"] [msg "HTTP Request Smuggling Attack"] [data "Matched Data: head th,\\x0d found within REQUEST_BODY: closedpostboxesnonce=5ce4d1eeb6&meta-box-order-nonce=4ddad14f16&_wpnonce=931def2a8d&_wp_http_referer=/wp-admin/admin.php?page=tablepress_options&action=tablepress_options&options[use_custom_css]=true&options[custom_css]=.tablepress thead th,\\x0d\\x0a.tablepress tfoot th {\\x0d\\x0a\\x09background-color: #ff0000;\\x0d\\x0a}&options[admin_menu_parent_page]=middle"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/33"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6Ab0N9834hG8B754itQwAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options
    [Tue Feb 28 14:30:07.358285 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54846] [client 72.140.29.6] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6Ab0N9834hG8B754itQwAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options
    
    Thread Starter pcvcadmin

    (@pcvcadmin)

    After further working with Dreamhost support, the issue is resolved in that the Server Internal Error no longer occurs. In terms of what support needed to do to resolve it, he indicated: “Actually the Mod Security was tampering with that process, so I added the exceptions so you can continue with it.”

    In any case I’m not sure if it is an issue to Dreamhost but I’m recording the resolution in case anyone else encounters the same issue.

    Plugin Author Tobias Bäthge

    (@tobiasbg)

    Hi,

    thanks a lot for looking into this so deeply!

    From what I can see, this was indeed a Dreamhost server configuration problem. They have configured “mod_security”, a security software similar to a firewall, too strictly. It was then falsely recognizing the “head” text in the CSS code (as part of that full structure, e.g. with the comma and {) as being “malicious”, e.g. as in a hacking attempt. That software then intercepted your request to save the CSS and returned the error.

    So, adjusting the configuration of that software as done by the Dreamhost support agent is the right thing to do here.

    Best wishes,
    Tobias
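
Added example, not part of the thread and not TablePress or CRS code: the rule 921110 pattern from the log above, run in Python against both CSS variants from the first post, with the anomaly scoring the log shows. Assumptions: the score of 5 per match is the CRS default for a CRITICAL rule, Python's `re` stands in for ModSecurity's regex engine, rule transformations are not modelled, and the request body is an abridged, constructed version of the one in the log.

```python
import re

# Pattern of CRS rule 921110 as printed in the log, with the log's extra
# backslash escaping removed.
RULE_921110 = re.compile(
    r"(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind"
    r"|propatch|mkcol|copy|move|lock|unlock)"
    r"\s+(?:\/|\w)[^\s]*(?:\s+http\/\d|[\r\n])"
)
CRITICAL_SCORE = 5   # assumption: CRS default score for one CRITICAL match
BLOCK_THRESHOLD = 7  # from the log: "Operator GE matched 7 at TX:anomaly_score"

# Constructed inputs: the two CSS variants from the first post, with the CRLF
# line endings visible in the log (\x0d\x0a).
CSS_BLOCKED = (".tablepress thead th,\r\n.tablepress tfoot th {\r\n"
               "\tbackground-color: #ff0000;\r\n}")
CSS_SAVED = (".tablepress tfoot th {\r\n\tbackground-color: #ff0000;\r\n}\r\n\r\n"
             ".tablepress thead th {\r\n\tbackground-color: #ff0000;\r\n}")


def matched_data(value):
    """Return what the rule would log as 'Matched Data', or None."""
    m = RULE_921110.search(value)
    return m.group(0) if m else None


def evaluate(css):
    """Check both targets named in the log and apply the blocking threshold."""
    targets = {
        "ARGS:options[custom_css]": css,
        # Abridged, constructed form body (decoded, as the log displays it).
        "REQUEST_BODY": "options[use_custom_css]=true&options[custom_css]=" + css,
    }
    hits = {}
    for name, value in targets.items():
        data = matched_data(value)
        if data is not None:
            hits[name] = data
    score = CRITICAL_SCORE * len(hits)
    return hits, score, score >= BLOCK_THRESHOLD


if __name__ == "__main__":
    for label, css in (("first CSS", CSS_BLOCKED), ("second CSS", CSS_SAVED)):
        hits, score, blocked = evaluate(css)
        print(label, "score", score, "blocked" if blocked else "allowed", hits)
```

In the first variant, `thead th,` followed by a line break reads to the pattern as a method name, whitespace, a token and an end of line. In the second, `th` is followed by a space and `{` rather than a line break, so nothing matches and the score stays at 0.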

    Thread Starter pcvcadmin

    (@pcvcadmin)

    Thanks for the work you put into this plugin Tobias. I’m glad that the cause was finally determined. All the best.

    Plugin Author Tobias Bäthge

    (@tobiasbg)

    Hi,

    no problem, you are very welcome! 🙂 Good to hear that this helped!

    Best wishes,
    Tobias

    P.S.: In case you haven’t, please rate TablePress here in the plugin directory. Thanks!


The topic ‘Custom CSS causes Internal Server Error’ is closed to new replies.